Serial ATA Commands Logger for Security Monitoring on FPGA Devices

Enforcing the computer systems security policy is highly reliant upon the use of security monitors. The monitoring system should provide a complete view of the monitored system in a stealth mode. The Serial ATA Commands Logger system described in this paper intercepts the ATA commands sent by a host bus adapter to an attached storage device, by monitoring the exchanged traffic, in a transparent manner. Transparency is obtained by integrating the FPGA based system on the physical connection between the two communicating devices. The intercepted commands and parameters are sent to a serial console. The system can interface with commodity hardware devices by supporting Serial ATA 6.0 Gbps data transfer rate and advanced features like Native Command Queuing. Experimental results demonstrate a negligible impact on throughput of data transfers between the host bus adapters and the storage devices. The Serial ATA Commands Logger establishes the basis for a security framework deemed to enable further research and development of storage security focused applications: integrity checkers, intrusion detection systems, data recovery techniques.